I wanted to find out if there is any way to identify which clients on a particular network interface are using a certain amount of bandwidth. We have an ASA 5510 with four interfaces including the internet, and one network is generating an excessive amount of inbound traffic from the internet. I want to determine which client system on that network is generating the traffic. Is there a log or a setting to allow me to identify that client system by IP or MAC address?
You could set up a rate limit using police within a policy-map and see when it's triggered. This would allow you to control the amount of bandwidth used, and to log when the threshold is breached. However, police is only applicable to egress traffic, and would affect all traffic defined by the match specified within the appropriate class-map, so I guess there's no way to narrow this down without knowing the culprit.
In this scenario I suggest you use a packet analyzer such as Ethereal or Packetizer. You can get them from the web, just google it. You could mirror the port connected to the ASA's interface that links to the network having the problem. This will give you a good idea of the top ten connections, etc. Also, there is another tool, Statseeker; you could get a trial version for 30 days.
Instead of setting up a port mirror, simply perform a local capture on the ASA and export it to Ethereal (via a copy /pcap). If you make it a circular capture, you could leave it running to have the data always available whenever you need it.
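Once a capture like the one suggested above has been exported, the top talkers can be pulled out without opening it in a GUI. The following is an added example, not part of the original thread or any Cisco tooling; it assumes the export is a classic pcap file with Ethernet framing, and the subnet, addresses and packets in the sample are constructed.

```python
import struct
from collections import Counter
from ipaddress import ip_address, ip_network

def top_talkers(pcap, inside_net, n=10):
    """Rank inside hosts by on-the-wire bytes sent to or from them."""
    net = ip_network(inside_net)
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                      # little-endian writer
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"                      # big-endian writer
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    totals, off = Counter(), 24
    while off + 16 <= len(pcap):
        _, _, incl, orig = struct.unpack(end + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 14:
            continue
        l3, etype = 14, frame[12:14]
        if etype == b"\x81\x00":       # skip one 802.1Q VLAN tag
            l3, etype = 18, frame[16:18]
        if etype != b"\x08\x00" or len(frame) < l3 + 20:
            continue                   # not IPv4, or header cut off
        src = ip_address(frame[l3 + 12:l3 + 16])
        dst = ip_address(frame[l3 + 16:l3 + 20])
        for addr in {src, dst}:
            if addr in net:
                totals[str(addr)] += orig  # orig = full length even if truncated
    return totals.most_common(n)

def _record(src, dst, wire_len):
    """Constructed sample record: Ethernet + IPv4 header only (truncated capture)."""
    ip = (b"\x45\x00" + struct.pack("!H", wire_len - 14) + bytes(8)
          + ip_address(src).packed + ip_address(dst).packed)
    data = bytes(12) + b"\x08\x00" + ip
    return struct.pack("<IIII", 0, 0, len(data), wire_len) + data

# Constructed capture: 192.168.10.0/24 stands in for the congested inside network.
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join([
    _record("203.0.113.7", "192.168.10.23", 1514),
    _record("203.0.113.7", "192.168.10.23", 1514),
    _record("192.168.10.23", "203.0.113.7", 66),
    _record("203.0.113.9", "192.168.10.40", 600),
])
print(top_talkers(SAMPLE, "192.168.10.0/24"))
```

Because the byte count comes from each record's original length field, the ranking stays accurate even when the capture stores only packet headers, which keeps a circular capture buffer small.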
Another option (more long-winded though) would be to put an access-list on one of the interfaces with a separate line for each IP. A "show access-list" would then give you a quick overview of IP address activity.
Not a Cisco answer, but an easy one. If you have a span port of the traffic, connect a Linux box and use ipaudit (http://sourceforge.net/projects/ipaudit). Very lightweight and passive. Web-based 'top-20' reports to give you exactly what you are asking.
Thanks for all the suggestions. So far we have applied a policy map to limit bandwidth on that interface to 256k, which doesn't answer the question but stops these clients from eating up the T1. I'm going to try a couple of the non-Cisco suggestions using a Linux box on that network to monitor activity more closely. Again, thank you all for some very useful and interesting suggestions.